Malware can be a confusing term. A survey of what is “malware” leads to a slew of incoherent answers. Microsoft uses malware as an umbrella term for threats listed in the following glossary, which, of course, Bing also uses.

Bing has been warning users about malware for a long time. Additionally, webmasters receive notifications when a threat is detected on their site. Previously, a generic warning was used to cover all of the different malware threat types.

By refining the generic malware warning, Bing now gives more details about the type of threat the user is facing. Furthermore, this improvement enables webmasters to clean their site quicker by having stronger insights into why their site was flagged.

Phishing site warnings

The trick to fishing is making the fly float through the air as if it were alive. Done right and the hungry trout eyeballing the fly is convinced to take the bait. It is not a coincidence that criminal activity shares a similar name: phishing. The bait are fake websites designed to look and feel like the legitimate ones. These sites catch people by taking advantage of a user’s trust in entering information such as passwords, usernames, and credit cards.

Bing has refined the generic warning to specifically call out this threat. When users click a URL suspected of phishing, a warning will appear. This looks similar to the generic warning except it now warns that the site might steal personal information.

Webmasters still get notified through the dashboard, and they can then ask for a review after performing the cleanup.

Sites that link to malware

Sites might not always be malicious; however, they might link to malicious binaries. While safe to load into the browser, there is a hidden bomb waiting to be clicked. In contrast, some hacked pages cause infections just by visiting them. The generic warning is now refined to specifically call out pages (likely) safe to visit as long as links are not clicked.

This refined warning has a similar look and feel to the generic warning – the biggest change has been to the webmaster dashboard page.

The webmaster dashboard shows which binaries are causing the warning. As such, removing the harmful links leads to the warning being removed.

Clicking (View), under Additional Details, displays the path to the malicious binaries.

Sites with warnings are not always bad actors

We understand that sites with warnings are not always bad actors. Websites are vulnerable to being hacked, and webmasters are vulnerable to being tricked, just like any other customer. By refining our generic malware warning, our hope is that users are more informed and webmasters are able to clean their sites more efficiently.